Illustrate TLS v1.2
2021-07-11 22:19:39 13 举报
参考https://tls.ulfheim.net/,用时序图的方式整体一下整个过程
作者其他创作
大纲/内容
12. Application data record
Client Handshake Finished
Verify Data - encrypted
Client Application Data
Encryption IV - 16 BytesEncrypted Alert Data - \"Close Notify\"
4.2 Handshake recordMessage type - server key exchange
11. Application data record
client MAC keyserver MAC keyclient write keyserver write keyclient write IVserver write IV
9.2 ChangeCipherSpec record
Client Key Exchange
Client Public Key - 32 Bytes
13. Alert record
5. Handshake recordMessage type - server hello done
Server Handshake Finished
4.1 Server Key Exchange Generation
Server Hello Done
No other data
Notice client that all following messages from the server will be encrypted with the client write key.
6.2 Handshake recordMessage type - client key exchange
6.1 Client Key Exchange Generation
Server Key Exchange
Curve InfoServer Public Key - 32 BytesSignature
server randomclient randomclient public keyserver private key
Server
7.1 Client Encryption Keys Calculation
Server Hello
Selected TLS Version - TLS v1.2Server Random - 32 BytesSession ID - OptionalSelected Cipher SuiteExtensions
Server Application Data
Encryption IV - 16 BytesEncrypted Data - encrypted \"pong\"
1. Handshake recordMessage type - client hello
9.1 Server EncryptionKeys Calculation
Client Hello
Client Version - TLS v1.2Client Random - 32 BytesSession ID - OptionalCipher SuitesExtensions
8. Handshake recordMessage type - finished (0x14)
Client
Encryption IV - 16 BytesEncrypted Data - encrypted \"ping\"
2. Handshake recordMessage type - server hello
server randomclient randomserver public keyclient private key
Exchange application data
7. ChangeCipherSpec recordremoved this msg type in next tls version
10. Handshake recordMessage type - finished (0x14)
3. Handshake recordMessage type - certificate
Server Certificate
Certificates Total LengthFirst Certificate Length - 3 BytesFirst Certificate Content - derSecond ...
Notice server that all following messages from the client will be encrypted with the client write key.
收藏
0 条评论
下一页